Boeing 787s under cyber threat from 'faulty' chip

Two Cambridge experts have discovered a "back door" in a computer chip used in military systems and aircraft such as the Boeing 787 that could allow the chip to be taken over via the internet.

The discovery will heighten concerns about the risks of cyber attacks on sensitive installations, coming on the heels of the discovery this week of the Flamer virus which has been attacking computer systems in Iran, Syria and Saudi Arabia.

In a paper published in draft form online and seen by the Guardian, researchers Sergei Skorobogatov of Cambridge University and Chris Woods of Quo Vadis Labs say that they have discovered a method that a hacker can use to connect to the internals of a chip made by Actel, a US manufacturer.

"An attacker can disable all the security on the chip, reprogram cryptographic and access keys … or permanently damage the device," they noted.

Woods told the Guardian that they have offered all the necessary information about how the hack can be done to government agencies — but that their response is classified.

"The real issue is the level of security that can be compromised through any back door, and how easy they are to find and exploit," Woods said.

The back door may have been inserted by Actel itself, whose ProASIC3 chip is used in medical, automotive, communications and consumer products, as well as military use.

Woods said that "a back door is an additional undocumented feature deliberately inserted into a device for extra functionality" — in effect, a secret way to get into the chip and control it.

Crucially, in this case it exists as part of the design of the silicon chip — meaning that it cannot be removed because it is inherent in how the chip reacts to certain inputs. He suggested that it may have been put there by design by Actel, because there are some traces of the existence of such a back door in the system files of Actel development software.

But, he said, that creates serious risks: "The great danger comes from the fact that such a back door undermines the high level of security in the chip, exposing it to various attacks. Although Actel claims that their devices are secure because there is no physical path for the configuration data to be read to the outside world, a back door was added with a special key to circumnavigate the security."

Actel did not respond to requests for comment by the time of publication.

Rik Ferguson, director of security research at the online security company Trend Micro, said: "The fact that the flaw is in the hardware makes it harder to eradicate.